skills/jeremylongshore/claude-code-plugins-plus-skills/supabase-schema-from-requirements/Gen Agent Trust Hub
supabase-schema-from-requirements
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands using the Supabase CLI (npx supabase) to create migrations, reset local databases, push changes to remote projects, and generate TypeScript types. These operations are essential to the skill's functionality but involve direct interaction with the database and file system.
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) because it processes untrusted business requirements to generate executable SQL migrations and Row Level Security (RLS) policies.
- Ingestion points: Reads external business requirements, PRD documents, or specifications provided in the agent's context.
- Boundary markers: Absent; the skill does not define specific delimiters or instructions for the agent to ignore potentially malicious embedded content in the source documents.
- Capability inventory: Writing SQL migration files to the supabase/migrations/ directory and executing database modifications via npx supabase db push and npx supabase db reset.
- Sanitization: Absent; the skill relies on the agent's ability to safely interpret requirements into SQL without explicit sanitization or validation of the input text.
- [EXTERNAL_DOWNLOADS]: The skill references installing the supabase CLI and @supabase/supabase-js package. These are official tools from a well-known service provider and are standard for Supabase development.
Audit Metadata